A group claiming to be hackers who stole more than two million records from the Legal Aid Agency (LAA) has threatened to publish the information unless one of their members is ‘freed’.
Members of the ShinyHunters cybercrime group made the threat on a new Telegram channel, The Times reported. The group said in the Telegram post that if the MoJ did not ‘free’ the unnamed individual by 6am on Monday, ‘we will leak all the GitHub repositories and the Legal Aid Agency Ministry of Justice database’. The threat did not appear to have been carried out as the deadline passed and the Gazette understands it has not been possible to verify the legitimacy of the Telegram posts.
Read more
The LAA’s online portal was taken offline in May after the MoJ discovered that legal aid applicants’ personal data dating back to 2010 had been accessed. On 31 July the MoJ revealed the hack was bigger than first thought. An update added to their announcement of the breach said: ‘We have updated the notice to reflect that further investigations have shown that some data going back to 2007 may have been accessed as well as information linked to the partners of applicants. Previously we stated the data went back to 2010.’
The data breach has caused months of disruption for practitioners, who have been grappling with the LAA’s growing list of contingency measures.
A Ministry of Justice spokesperson told the Gazette today: ‘We will not negotiate with criminals or engage with their ransom demands. It is illegal to share this data and anyone who does so could be sent to prison.’
There is an injunction in place to prevent use, publication or disclosure of the data and anyone doing so commits a contempt of court. The National Crime Agency is investigating the data breach and the Commons justice select committee will examine the LAA and MoJ’s response to the cyber-attack as part of its major access to justice inquiry.
No comments yet